packages/net/miniupnpd/files/miniupnpd.firewall

. /etc/functions.sh
include /lib/network
scan_interfaces

upnp_ipt() {
	iptables "$@" 2>/dev/null
}

upnp_firewall_addif() {
	local extif
	local extip
	local iface

	config_load upnpd
	config_get iface config external_iface

	[ -n "$INTERFACE" -a "$INTERFACE" != "$iface" ] && return

	config_load network
	config_get extip "${iface:-wan}" ipaddr
	config_get extif "${iface:-wan}" ifname

	logger -t "upnp firewall" "adding wan interface $extif($extip)"

	upnp_ipt -t nat -N miniupnpd_${iface:-wan}_rule
	upnp_ipt -t nat -A miniupnpd_${iface:-wan}_rule -i $extif -d $extip -j MINIUPNPD
	upnp_ipt -t nat -A prerouting_rule -j miniupnpd_${iface:-wan}_rule

	upnp_ipt -t filter -N miniupnpd_${iface:-wan}_rule
	upnp_ipt -t filter -A miniupnpd_${iface:-wan}_rule -i $extif -o ! $extif -j MINIUPNPD
	upnp_ipt -t filter -A forwarding_rule -j miniupnpd_${iface:-wan}_rule
}

upnp_firewall_delif() {
	local iface

	config_load upnpd
	config_get iface config external_iface

	[ -n "$INTERFACE" -a "$INTERFACE" != "$iface" ] && return

	logger -t "upnp firewall" "removing wan interface"

	upnp_ipt -t nat -D prerouting_rule -j miniupnpd_${iface:-wan}_rule
	upnp_ipt -t nat -F miniupnpd_${iface:-wan}_rule
	upnp_ipt -t nat -X miniupnpd_${iface:-wan}_rule

	upnp_ipt -t filter -D forwarding_rule -j miniupnpd_${iface:-wan}_rule
	upnp_ipt -t filter -F miniupnpd_${iface:-wan}_rule
	upnp_ipt -t filter -X miniupnpd_${iface:-wan}_rule
}

upnp_firewall_start() {
	upnp_ipt -t nat -N MINIUPNPD
	upnp_ipt -t filter -N MINIUPNPD
	upnp_firewall_addif
}

upnp_firewall_stop() {
	upnp_firewall_delif
	upnp_ipt -t nat -F MINIUPNPD
	upnp_ipt -t nat -X MINIUPNPD
	upnp_ipt -t filter -F MINIUPNPD
	upnp_ipt -t filter -X MINIUPNPD
}
miniupnpd: - better integration with uci firewall - add options to configure external and internal interface - trigger add/remove of upnp rules with hotplug - use start-stop-daemon in initscript - drop miniupnpd iptables heler scripts git-svn-id: svn://svn.openwrt.org/openwrt/packages@13742 3c298f89-4303-0410-b956-a3cf2f4a3e73 2008-12-25 03:25:13 +00:00			`. /etc/functions.sh`
			`include /lib/network`
			`scan_interfaces`

			`upnp_ipt() {`
			`iptables "$@" 2>/dev/null`
			`}`

			`upnp_firewall_addif() {`
packages/net/miniupnpd: - rewrite firewall to actually forward - fix bandwidth calculation - swap upload and download rate - make init and hotplug scripts less verbose - bump package revision git-svn-id: svn://svn.openwrt.org/openwrt/packages@14038 3c298f89-4303-0410-b956-a3cf2f4a3e73 2009-01-14 23:18:45 +00:00			`local extif`
			`local extip`
			`local iface`
miniupnpd: - better integration with uci firewall - add options to configure external and internal interface - trigger add/remove of upnp rules with hotplug - use start-stop-daemon in initscript - drop miniupnpd iptables heler scripts git-svn-id: svn://svn.openwrt.org/openwrt/packages@13742 3c298f89-4303-0410-b956-a3cf2f4a3e73 2008-12-25 03:25:13 +00:00
			`config_load upnpd`
packages/net/miniupnpd: - rewrite firewall to actually forward - fix bandwidth calculation - swap upload and download rate - make init and hotplug scripts less verbose - bump package revision git-svn-id: svn://svn.openwrt.org/openwrt/packages@14038 3c298f89-4303-0410-b956-a3cf2f4a3e73 2009-01-14 23:18:45 +00:00			`config_get iface config external_iface`

			`[ -n "$INTERFACE" -a "$INTERFACE" != "$iface" ] && return`
miniupnpd: - better integration with uci firewall - add options to configure external and internal interface - trigger add/remove of upnp rules with hotplug - use start-stop-daemon in initscript - drop miniupnpd iptables heler scripts git-svn-id: svn://svn.openwrt.org/openwrt/packages@13742 3c298f89-4303-0410-b956-a3cf2f4a3e73 2008-12-25 03:25:13 +00:00
			`config_load network`
packages/net/miniupnpd: - rewrite firewall to actually forward - fix bandwidth calculation - swap upload and download rate - make init and hotplug scripts less verbose - bump package revision git-svn-id: svn://svn.openwrt.org/openwrt/packages@14038 3c298f89-4303-0410-b956-a3cf2f4a3e73 2009-01-14 23:18:45 +00:00			`config_get extip "${iface:-wan}" ipaddr`
			`config_get extif "${iface:-wan}" ifname`

			`logger -t "upnp firewall" "adding wan interface $extif($extip)"`

			`upnp_ipt -t nat -N miniupnpd_${iface:-wan}_rule`
			`upnp_ipt -t nat -A miniupnpd_${iface:-wan}_rule -i $extif -d $extip -j MINIUPNPD`
			`upnp_ipt -t nat -A prerouting_rule -j miniupnpd_${iface:-wan}_rule`
miniupnpd: - better integration with uci firewall - add options to configure external and internal interface - trigger add/remove of upnp rules with hotplug - use start-stop-daemon in initscript - drop miniupnpd iptables heler scripts git-svn-id: svn://svn.openwrt.org/openwrt/packages@13742 3c298f89-4303-0410-b956-a3cf2f4a3e73 2008-12-25 03:25:13 +00:00
packages/net/miniupnpd: - rewrite firewall to actually forward - fix bandwidth calculation - swap upload and download rate - make init and hotplug scripts less verbose - bump package revision git-svn-id: svn://svn.openwrt.org/openwrt/packages@14038 3c298f89-4303-0410-b956-a3cf2f4a3e73 2009-01-14 23:18:45 +00:00			`upnp_ipt -t filter -N miniupnpd_${iface:-wan}_rule`
			`upnp_ipt -t filter -A miniupnpd_${iface:-wan}_rule -i $extif -o ! $extif -j MINIUPNPD`
			`upnp_ipt -t filter -A forwarding_rule -j miniupnpd_${iface:-wan}_rule`
miniupnpd: - better integration with uci firewall - add options to configure external and internal interface - trigger add/remove of upnp rules with hotplug - use start-stop-daemon in initscript - drop miniupnpd iptables heler scripts git-svn-id: svn://svn.openwrt.org/openwrt/packages@13742 3c298f89-4303-0410-b956-a3cf2f4a3e73 2008-12-25 03:25:13 +00:00			`}`

			`upnp_firewall_delif() {`
packages/net/miniupnpd: - rewrite firewall to actually forward - fix bandwidth calculation - swap upload and download rate - make init and hotplug scripts less verbose - bump package revision git-svn-id: svn://svn.openwrt.org/openwrt/packages@14038 3c298f89-4303-0410-b956-a3cf2f4a3e73 2009-01-14 23:18:45 +00:00			`local iface`

			`config_load upnpd`
			`config_get iface config external_iface`
miniupnpd: - better integration with uci firewall - add options to configure external and internal interface - trigger add/remove of upnp rules with hotplug - use start-stop-daemon in initscript - drop miniupnpd iptables heler scripts git-svn-id: svn://svn.openwrt.org/openwrt/packages@13742 3c298f89-4303-0410-b956-a3cf2f4a3e73 2008-12-25 03:25:13 +00:00
packages/net/miniupnpd: - rewrite firewall to actually forward - fix bandwidth calculation - swap upload and download rate - make init and hotplug scripts less verbose - bump package revision git-svn-id: svn://svn.openwrt.org/openwrt/packages@14038 3c298f89-4303-0410-b956-a3cf2f4a3e73 2009-01-14 23:18:45 +00:00			`[ -n "$INTERFACE" -a "$INTERFACE" != "$iface" ] && return`
miniupnpd: - better integration with uci firewall - add options to configure external and internal interface - trigger add/remove of upnp rules with hotplug - use start-stop-daemon in initscript - drop miniupnpd iptables heler scripts git-svn-id: svn://svn.openwrt.org/openwrt/packages@13742 3c298f89-4303-0410-b956-a3cf2f4a3e73 2008-12-25 03:25:13 +00:00
packages/net/miniupnpd: - rewrite firewall to actually forward - fix bandwidth calculation - swap upload and download rate - make init and hotplug scripts less verbose - bump package revision git-svn-id: svn://svn.openwrt.org/openwrt/packages@14038 3c298f89-4303-0410-b956-a3cf2f4a3e73 2009-01-14 23:18:45 +00:00			`logger -t "upnp firewall" "removing wan interface"`
miniupnpd: - better integration with uci firewall - add options to configure external and internal interface - trigger add/remove of upnp rules with hotplug - use start-stop-daemon in initscript - drop miniupnpd iptables heler scripts git-svn-id: svn://svn.openwrt.org/openwrt/packages@13742 3c298f89-4303-0410-b956-a3cf2f4a3e73 2008-12-25 03:25:13 +00:00
packages/net/miniupnpd: - rewrite firewall to actually forward - fix bandwidth calculation - swap upload and download rate - make init and hotplug scripts less verbose - bump package revision git-svn-id: svn://svn.openwrt.org/openwrt/packages@14038 3c298f89-4303-0410-b956-a3cf2f4a3e73 2009-01-14 23:18:45 +00:00			`upnp_ipt -t nat -D prerouting_rule -j miniupnpd_${iface:-wan}_rule`
			`upnp_ipt -t nat -F miniupnpd_${iface:-wan}_rule`
			`upnp_ipt -t nat -X miniupnpd_${iface:-wan}_rule`

			`upnp_ipt -t filter -D forwarding_rule -j miniupnpd_${iface:-wan}_rule`
			`upnp_ipt -t filter -F miniupnpd_${iface:-wan}_rule`
			`upnp_ipt -t filter -X miniupnpd_${iface:-wan}_rule`
miniupnpd: - better integration with uci firewall - add options to configure external and internal interface - trigger add/remove of upnp rules with hotplug - use start-stop-daemon in initscript - drop miniupnpd iptables heler scripts git-svn-id: svn://svn.openwrt.org/openwrt/packages@13742 3c298f89-4303-0410-b956-a3cf2f4a3e73 2008-12-25 03:25:13 +00:00			`}`

			`upnp_firewall_start() {`
packages/net/miniupnpd: - rewrite firewall to actually forward - fix bandwidth calculation - swap upload and download rate - make init and hotplug scripts less verbose - bump package revision git-svn-id: svn://svn.openwrt.org/openwrt/packages@14038 3c298f89-4303-0410-b956-a3cf2f4a3e73 2009-01-14 23:18:45 +00:00			`upnp_ipt -t nat -N MINIUPNPD`
			`upnp_ipt -t filter -N MINIUPNPD`
			`upnp_firewall_addif`
miniupnpd: - better integration with uci firewall - add options to configure external and internal interface - trigger add/remove of upnp rules with hotplug - use start-stop-daemon in initscript - drop miniupnpd iptables heler scripts git-svn-id: svn://svn.openwrt.org/openwrt/packages@13742 3c298f89-4303-0410-b956-a3cf2f4a3e73 2008-12-25 03:25:13 +00:00			`}`

			`upnp_firewall_stop() {`
packages/net/miniupnpd: - rewrite firewall to actually forward - fix bandwidth calculation - swap upload and download rate - make init and hotplug scripts less verbose - bump package revision git-svn-id: svn://svn.openwrt.org/openwrt/packages@14038 3c298f89-4303-0410-b956-a3cf2f4a3e73 2009-01-14 23:18:45 +00:00			`upnp_firewall_delif`
miniupnpd: - better integration with uci firewall - add options to configure external and internal interface - trigger add/remove of upnp rules with hotplug - use start-stop-daemon in initscript - drop miniupnpd iptables heler scripts git-svn-id: svn://svn.openwrt.org/openwrt/packages@13742 3c298f89-4303-0410-b956-a3cf2f4a3e73 2008-12-25 03:25:13 +00:00			`upnp_ipt -t nat -F MINIUPNPD`
			`upnp_ipt -t nat -X MINIUPNPD`
			`upnp_ipt -t filter -F MINIUPNPD`
			`upnp_ipt -t filter -X MINIUPNPD`
			`}`